Hi everybody,
My project consist of creating a web-based search application that allows users to search for employees using a Sql database table named "Employee". I have created a page where the user enters search criteria, hit search button a grid view will display results, next to each row found there is a link that lead the user to another page containing detailed information about that Employee, this page is a DetailsView. the 3rd page consist of creating a new employee not found in database. so it also consist of DetailsView. I also have a login Page.
here is the catch: I want to allow everybody to access the search result page (Gridview) but only Admins (who exist in a sql DB table named Roles) have the right to modify data on the DetailsView Detailes info Page, I ve done this using the
DetailsView1.AutoGenerateEditButton = true;
DetailsView1.AutoGenerateDeleteButton = true;
but I want restrict regular users from accessing AddNewEmployee Page and Searchresult page with gridview on Edit mode, my login page looks like that:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Text;
using System.Security.Cryptography;
using System.IO;
namespace Phonebook
{
public partial class LoginUser : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
public string encryptQueryString(string strQueryString)
{
return BLL.Encryption64.Encrypt(strQueryString, "!#$a54?3");
}
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
string username = Login1.UserName;
string pwd = Login1.Password;
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString);
conn.Open();
string sqlUserName = "SELECT UserId, Password FROM Roles ";
sqlUserName += " WHERE (UserId ='" + username + "')";
sqlUserName += " AND (Password ='" + pwd + "')";
sqlUserName += " AND (Admin = 'Y')";
SqlCommand cmd = new SqlCommand(sqlUserName, conn);
cmd.Parameters.AddWithValue("@UserId", username);
cmd.Parameters.AddWithValue("@Password", pwd);
string currentName;
currentName = (string)cmd.ExecuteScalar();
if (currentName != null)
{
Session["UserAuthentication"] = username;
Session.Timeout = 1;
Response.Redirect("~/AddEmployee.aspx?search=" + encryptQueryString(username) + "");
}
else
{
Session["UserAuthentication"] = "";
}
}
I am using login control but not the ASP.NET configuration tool.
Is there any way I can create a login logic that does this? Thank you